Re: Distributed Search and Lookups

ruisantos · ‎05-13-2010

Hi,

I'm getting an error on my Search Head when browsing for content related to some LOOKUP directives I have in my apps.

The LOOKUP directives were copied from one of the search peers were they are working.

Currently my problems are: - I'm getting an error stating that this lookup does not exist on one of the search peers (true, because that search peer does not required them) - the LOOKUP directives are not working on the search head.

Any ideas on how this can be solved?

Stephen_Sorkin · ‎06-04-2010

Splunk should automatically move lookup related files to the search peers from the search head. Is this a script-based lookup? If so, there are some intricacies in getting these to work in distributed, since they may land in a different-than-expected directory.

Could you share your configuration and the general mechanism of operation for your lookup?

gfriedmann · ‎06-23-2011

What are the intricacies for a script based lookup in a distributed environment? For example, dnslookup.

Distributed Search and Lookups

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation